Apple Recruitment are URGENTLY recruiting for an Information Technology Security Officer on behalf of the NI Assembly.
Job Purpose:
This is a challenging new post within the Information Systems (IS) Office. The post holder will lead the Assembly’s Information Technology Security functions. This is a key change role within the Assembly, supporting and reshaping the provision of information systems and enabling other parts of the business to perform effectively. The successful delivery of information systems in a rapidly changing technical environment presents many strategic, operational and technical challenges to the post holder.
The Information Technology Security Officer:
The Information Technology Security Officer (ITSO) is a highly skilled, specialised role responsible for developing, implementing, and maintaining the Northern Ireland Assembly Commission’s (the Assembly Commission’s) information security policies and procedures, to ensure information security and compliance with legislation and best practice. The ITSO will endeavour to ensure the confidentiality, integrity, and availability of all data and information systems, by protecting them from internal and external threats. The ITSO will collaborate with IS Office teams and the Data Protection and Governance Officer to align security practices with regulatory requirements and business objectives. They will take a lead role in safeguarding the Assembly Commission’s information assets and ensuring a proactive stance against evolving cybersecurity threats. The ITSO plays a key role in strengthening the Assembly Commission's defences and fostering a security-conscious culture across all Business Areas.
The ITSO will take a proactive, solution-focussed approach to identify security risks and manage incident responses. The ITSO will lead in the development and delivery of information security awareness training to staff and Members. The ITSO will monitor and improve security controls, conduct risk assessments, and collaborate with cross-functional teams to maintain a secure IT infrastructure.
This is a key role in the organisation, and the post holder will have significant influence on any discussions relating to IS matters. The post will frequently involve a “challenge” aspect to the plans of other Assembly Business units and/or Directorates and this requires excellent communication skills and a degree of assertiveness when required.
The structure of the IS Office is under review on an ongoing basis, and management of all functions may change in the future.
Main duties and responsibilities are:
Strategic
- Work alongside the Head of IT to develop the Assembly Commission’s IT vision, strategy and accompanying action plan and deliver it through a robust programme and project management framework, in line with best practice, to support the continuing digital transformation of Assembly and Assembly Commission business.
- Identify future challenges in the IT landscape and develop relevant mitigation strategies.
- Research and evaluate existing and emerging technologies, products and services, particularly cloud computing, to identify potential areas of improvement and support new ways of working.
- Provide strategic and authoritative technical advice to the Director of Parliamentary Services, Senior Management Team (SMT) and the Head of IT on matters relating to Assembly Commission systems, applications, policies and processes.
- Represent the Assembly at external forums and events, building and maintaining effective and constructive external relationships.
Operational
- Developing and Leading staff
  - Leading and managing staff and teams to build a high performing team that is focused on delivering excellence in all aspects of service delivery.
  - Promoting a culture of learning and innovation with a strong customer ethos.
- Information Security Management
  - Lead, develop, implement, and monitor a comprehensive technical information security program, including all related policies, standards, and guidelines to protect information assets, especially where changes have been made.
  - Provide professional expertise and advice to SMT, senior managers and the Data Protection and Governance Officer to ensure that technical information security adheres to data protection and information security standards, including ISO 27001, NIST, and GDPR (as applicable).
  - Lead and define security best practices and align them with organisational goals and compliance requirements.
  - Implement technical security controls to systems and lead alongside the Head of IT in ensuring that all team members adhere to the controls.
- Risk Assessment and Incident Response
  - Conduct regular risk assessments to identify vulnerabilities and develop strategies for risk mitigation with the Data Protection and Governance Officer.
  - Take the lead, assess risks, interpret complex data, and make informed decisions on security measures, providing advice to SMT.
  - Provide professional expertise and advice to the Data Protection and Governance Officer when managing and responding to security incidents and breaches from a technical perspective, coordinating with internal stakeholders and external authorities as needed.
  - Lead IS Office teams to conduct root-cause analyses of incidents and develop plans to prevent recurrence.
  - Lead and implement solutions, with the team, to security challenges and adapt quickly and professionally to new threats.
- Security Operations
  - Lead the team supporting the daily operations of security systems, such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and SIEM.
  - Lead and provide expertise on reviewing and analysing security alerts and logs for signs of potential vulnerabilities, threats, or breaches.
  - Lead and coordinate with IS teams to ensure secure system configurations, vulnerability patching, and software updates.
  - Lead and support the secure adoption of new technologies from the Microsoft technology stack.
  - Lead and manage the team conducting assessments across all (organisational) new technical / data related projects, preparing and presenting updates and security risks to the Head of IT and all stakeholders.
  - Provide technical security advice and information to ensure internally developed Assembly information systems and new technologies are secure by design, including any changes.
- Compliance and Regulatory Alignment
  - Manage and monitor compliance with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
  - Lead and prepare for internal and external security audits, documenting compliance status and remediation efforts.
  - Manage and maintain detailed records of compliance efforts and conduct annual security assessments to update policies as needed.
- Security Awareness and Training
  - Foster a security conscious culture by leading and conducting training needs analysis relating to cyber security; developing, implementing and delivering appropriate training for Commission staff and Members.
  - Provide technical information and advice to senior managers and staff across business areas, Members and Party Support in IT related projects and provide security guidance and advice as required.
  - Lead cyber security incident response efforts, coordinating with Heads of Business as appropriate.
- Supplier and Third-Party Management
  - Assess and manage security risks associated with third-party suppliers, including reviewing security documentation, conducting periodic audits and mitigating risk through appropriate controls.
  - Contribute to the development of specifications for the procurement of ICT enabled business solutions, provide advice on security aspects, and lead, in an IS Office representational role, discussions with potential contractors and suppliers within the specialism.
- Documentation and Reporting
  - Develop and maintain detailed documentation of security policies, procedures, and incidents for regulatory and internal auditing purposes. Lead the team to ensure effective proactive technical monitoring of system logs.
  - Create regular reports for senior management on the state of the organisation’s cybersecurity posture, risk management, and incidents.
  - Competent in monitoring security controls, reviewing logs, and creating thorough documentation for audits and compliance.
If you wish to apply or would like more information, please email your CV in Microsoft Word format to Caroline by clicking on the link below by 12 noon Tuesday 11th February 2025. You must also include a bullet-pointed synopsis at the top of your CV, or provide a Cover Letter, demonstrating exactly how you meet the Essential Criteria below:
Essential Criteria:
Applicants for the post of ITSO must, by the closing date for applications:
- Possess at least a Bachelor’s (or higher) Degree in Computing or other discipline relevant to Information Systems / Information Technology, Cyber Security or Network Administration*.
Plus
Have a minimum of 3 years’ experience in each of the areas a) - c) described below:
- a) Working across a multi-discipline technology stack:
  - Cloud environments (Azure / AWS);
  - Firewalls (On premise / Cloud services);
  - Intrusion Detection / Prevention Systems;
  - Security Information & Event Management tools (SIEM);
  - Data Loss Prevention (DLP);
  - Endpoint Management;
  - Networking, Protocols & Vulnerability Management;
  - Encryption & Identity Management;
  - Policy creation; and,
  - Developing and delivering Cyber Security related Training.
- b) Working in roles such as Security Operations, Incident Response and Investigation, Risk Management and / or Network Security and Architecture.
- c) Working knowledge/experience of information security management systems (ISMS).
AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).
OR
- Have at least 6 years’ experience working in a cyber security role, demonstrating progressive experience in technical and operational aspects of Cyber Security.
Plus
Have a minimum of 3 years’ experience in each of the areas a) - c) described above.
AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP), and have the ability to demonstrate knowledge of information security management systems (ISMS).
*NB only those courses with a computing content of 50% or more will be considered and applicants must give full details on the application form of how the content of the course meets this requirement.
Further Details:
- Hourly Rate based on £66,376
- Start Date - ASAP
- Duration – 6 months with possible extension
- Closing Date for CVs: 12 noon Tuesday 11th February 2025
- This area operates Hybrid working
Applicants must ensure their CV is accurate and up to date. The CV should include your full employment history inclusive of dates, all academic achievements and full personal contact details.
Please note only applicants that match these criteria can be considered for the role.
Apple Recruitment Services is acting as an Employment Agency in relation to this vacancy. Apple Recruitment Services is an Equal Opportunities Employer.